DDoS Detection, Mitigation, Orchestration, and Threat Intelligence
Consolidated Security & CGNAT
TLS/SSL Inspection
Web Application Firewall
Application Security & Load Balancing
Analytics & Management
CGNAT & IPv6 Migration
Red Hat OpenShift is a comprehensive enterprise-grade platform built for containers with Kubernetes. With Red Hat OpenShift, developers can easily deploy applications using a library of supported technologies, so teams can choose the languages, frameworks, and databases they use to build and deploy their services. (visit here to know more about Red Hat OpenShift)
A10 Networks’ Secure Service Mesh solution provides an easy, automated way to integrate enterprise-grade security and load-balancing/traffic management with comprehensive application visibility and analytics with no change to applications, and across their entire lifecycle.
The unified solution offers a highly scalable, software-defined distributed architecture incorporating three key components: A10 Lightning ADC, A10 Kubernetes Connector, and A10 Harmony Controller. (For more information visit product documentation about A10 Secure Service Mesh.)
The A10 Lightning ADC daemon-set can be deployed in a Kubernetes cluster to manage containerized application traffic within the cluster. The Lightning ADC management capabilities include load balancing and application security. The Harmony Controller provides centralized management for ADCs and analytics for the applications. For more information visit the Secure Service Mesh solution brief.
Deployment Architecture
Understanding system prerequisites
Red Hat OpenShift provides configuration options using a web-based GUI and command line lnterface (CLI) to deploy the application YAML files.
Note: The deployment and configuration steps mentioned below are using the CLI. Watch this video to learn more about the deployment steps using GUI
Assuming that you have A10 Harmony Controller and Red Hat OpenShift installed and working, follow the below steps to setup the Secure Service Mesh solution.
An ingress resource is the object that allows users to define load balancing and content switching rules.
When a Kubernetes service is created, by default, Kube-proxy plays the role of a load balancer. When Lightning ADC is added in the path, Kube-proxy becomes redundant. Deploying the application service as a headless service eliminates Kube-proxy from the path and traffic will be routed to Lightning ADC.
The A10 Harmony portal, “analytics dashboard” shows the real-time application user traffic stats like current traffic throughput, response time, connection details along with several metrics for different categories like client summary, ADC performance, application response time and server health, etc. The analytics metrics data helps admins to troubleshoot the application slowness or application access-related problems.
The above image shows the information summary about the client’s geo location, client requests and server response codes, number of client requests received by Lightning ADC. This helps admins to identify and control user traffic.
The above image shows the round-trip HTTP request/response time chart measured at different break-points. This helps the admin to visualize the latency at each of the break-points, providing a quick summary to quickly figure out if there are any issues that may need to be investigated.
Red Hat OpenShift provides a simple Kubernetes platform for users to deploy their own container-based applications using a library of supported technologies. This reduces the complexity and operational overhead of managing applications in Kubernetes. In addition, the A10 Lightning ADC daemon-set manages and monitors application traffic and provides application traffic visibility, security and granular analytics. The A10 Kubernetes Connector communicates the configuration specified in ingress resources or service labels to the A10 Harmony Controller via Harmony APIs and creates the required application configuration.
